Wednesday, 27 June 2012

Virtual Private Network (VPN) : Introduction & Practical Implementation

Definition

A VPN extends a private network across a public network (usually the Internet) so that remote sites or users can be joined to it. The VPN uses "virtual" connections, i.e. authenticated (and, with the right protocol, encrypted) tunnels routed through the Internet, from the business's private network to the remote site or employee.

Example

Suppose I own a pharmaceutical company. When my medical representatives are in the field, visiting doctors and taking orders from pharmacies, I want them to post their updates to the company server. They have all been given hand-held devices for this job.

The problem is that while they are in the field they are not on my network, so they cannot reach the server. I still want to grant them access without joining their devices to the domain. How can a system that is not in the domain access the server?

It is possible through a Virtual Private Network (VPN).

Comments

Loosely speaking, a VPN is the reverse of NAT: NAT lets systems in the LAN reach the Internet, whereas a VPN lets a system on the Internet reach the LAN.

  • A VPN dialer is configured on the laptop, pointing at the public IP address of the server running Routing and Remote Access Service (RRAS).
  • When the VPN is dialed, it asks for a username and password. After authentication, if the user has dial-in permission, the laptop receives an IP address from DHCP on the DC (if the DHCP service is installed), otherwise from the static range specified when the VPN service was configured.
  • A VPN tunnel (PPTP, L2TP/IPsec or SSTP on Windows Server 2008, whichever the server accepts) is created between the laptop and the DC, and the user is given access to shared files and folders. For anything beyond a lab, prefer L2TP/IPsec or SSTP over PPTP: PPTP's MS-CHAPv2 authentication and MPPE encryption are no longer considered secure.

Practical

Let's consider the following scenario.

VPN Example Diagram

We have a server computer with two NICs.
  • The NIC with IP address 192.168.1.10 is connected to the Internet. (In this lab a private address stands in for the public one; in production this would be the server's public IP.)
  • The NIC with IP address 10.0.0.1 is connected to the LAN switch.
There is a remote client (our medical/sales representative) with IP 192.168.1.15 who wants to reach our local network to perform updates or to access and share data. VPN will help us here, so let's start with the practical.

Note: We are doing this practical using Oracle VM VirtualBox.

Step 1 : Add three NICs to the Server machine.

(Why three? You will see in Step 2: the third adapter is disabled there, leaving the two NICs shown in the diagram.)

Select Machine
Go to Settings
Network
Add 2 more adapters and refresh the MAC address of each.
Start the Machine

Adding NIC to a machine in Oracle VM VirtualBox

Step 2 : Configure the IP Address settings of each NIC.

Go to Network & Sharing Center
Manage Network Connections

Right click on Local Area Connection 3 and Disable it.

Right click on Local Area Connection 2
Properties
Uncheck Internet Protocol Version 6 (TCP/IPv6)
Select Internet Protocol Version 4 (TCP/IPv4)
Properties & configure as shown in the image (this is the LAN NIC, IP address 10.0.0.1).

IP Settings for NIC connected to LAN

Right click on Local Area Connection 1
Properties
Uncheck Internet Protocol Version 6 (TCP/IPv6)
Select Internet Protocol Version 4 (TCP/IPv4)
Properties & configure as shown in the image (this is the Internet-facing NIC, IP address 192.168.1.10).

IP Settings for NIC connected to Internet

Step 3 : Give user Dial-in Access

First create a user in AD for the remote client, i.e. the medical/sales representative. Then
Right Click on the user
Properties
Dial In
Select Allow access -> OK


Step 4 : Install the Network Policy and Access Services role

Go to Server Manager and install the role Network Policy and Access Services -> Next -> Next
Select Routing and Remote Access Services (2 more options will get selected automatically)
-> Next -> Install -> Close

Step 5 : Configuring Virtual Private Network (VPN) Service

Start -> Administrative Tools -> Routing and Remote Access

Right Click on SERVER(local) -> Configure and Enable Routing and Remote Access -> Next
Select Remote access (dial-up or VPN) -> Next



Select VPN -> Next

Now it asks for the NIC connected to the Internet (in our case, the one with 192.168.1.10).

Next select the LAN NIC. This is the network to which we are allowing the remote client access (i.e. 10.0.0.1).

As we have not installed DHCP, select From a specified range of addresses -> Next -> click New and provide a range of unused addresses from the LAN for VPN clients.

Keep "No, use Routing and Remote Access to authenticate connection requests" selected -> Next
-> Finish -> OK
(This means RRAS itself checks the credentials against Active Directory; the other option forwards them to a RADIUS server.)
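The same server-side configuration (Steps 2 to 5) can be scripted. The following is an added example written for this page, not code from the original post; it targets Windows Server 2008 R2, reuses the adapter names and addresses from the walkthrough, and assumes a user name (`salesrep`), subnet masks and a client address pool (`10.0.0.100`-`10.0.0.120`) that the post never states. The `netsh ras set type` line is assumed to correspond to the wizard's "Remote access (VPN)" choice; the GUI wizard above is the path the post actually tested. It also removes PAP and CHAP from the accepted authentication types, which the wizard leaves enabled.

```powershell
# Added example, not part of the original post: Steps 2 to 5 as a script for
# Windows Server 2008 R2. Adapter names follow Step 2; the user name, subnet
# masks and address pool are assumptions for this lab, change them to match.
$ErrorActionPreference = 'Stop'

$InternetNic = 'Local Area Connection 1'  # 192.168.1.10, faces the "Internet"
$LanNic      = 'Local Area Connection 2'  # 10.0.0.1, faces the LAN switch
$SpareNic    = 'Local Area Connection 3'  # third adapter, disabled as in Step 2
$VpnUser     = 'salesrep'                 # assumed sAMAccountName from Step 3
$PoolStart   = '10.0.0.100'               # assumed static pool for VPN clients
$PoolEnd     = '10.0.0.120'

# Step 2: static IPv4 addresses (masks assumed) and the spare adapter off.
netsh interface ipv4 set address "name=$InternetNic" source=static address=192.168.1.10 mask=255.255.255.0
netsh interface ipv4 set address "name=$LanNic" source=static address=10.0.0.1 mask=255.0.0.0
netsh interface set interface "name=$SpareNic" admin=disabled

# Step 3: dial-in permission is the msNPAllowDialin attribute on the AD account.
$searcher = New-Object System.DirectoryServices.DirectorySearcher("(sAMAccountName=$VpnUser)")
$result   = $searcher.FindOne()
if ($result -eq $null) { throw "user $VpnUser not found in AD; create it first" }
$account  = $result.GetDirectoryEntry()
$account.Put('msNPAllowDialin', $true)
$account.SetInfo()

# Step 4: the Routing and Remote Access Services role service.
Import-Module ServerManager
Add-WindowsFeature NPAS-RRAS-Services

# Step 5: what the wizard configures. 'netsh ras set type' is assumed to match
# the wizard's "Remote access (VPN)" choice; if your build rejects it, run the
# GUI wizard from the post instead and keep the pool commands below.
netsh ras set type ipv4rtrtype=lanonly ipv4ractype=enabled ipv6rtrtype=none ipv6ractype=disabled
netsh ras ip set addrassign method=pool
netsh ras ip add range "from=$PoolStart" "to=$PoolEnd"

# Hardening the wizard does not do: drop PAP and CHAP so a client cannot be
# downgraded to sending the password in the clear or as an MD5 challenge.
netsh ras delete authtype type=PAP
netsh ras delete authtype type=MD5CHAP
netsh ras show authtype

# Apply and start; the post restarts the whole server at Step 6, which also works.
Set-Service RemoteAccess -StartupType Automatic
Restart-Service RemoteAccess
```

Run it in an elevated PowerShell on the server. The dial-in step edits the user object directly through ADSI, so it works on a 2008 DC without the ActiveDirectory module; on 2008 R2 `Set-ADUser salesrep -Replace @{msNPAllowDialin=$true}` does the same thing.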

With this we have configured the VPN service. Now all that remains on the client is to create a dialer.

Step 6 : Configuring Client

The IP configuration of the client system is shown in the image: the client's NIC gets 192.168.1.15, in the same subnet as the server's Internet-facing NIC (192.168.1.10).

Restart the server computer. (This step is important; the practical did not succeed for us without it.)

From the client, run ping 192.168.1.10 -t and confirm that the client gets replies from the server before going any further.

Step 7 : Create VPN Dialer

Now continuing on client,

Open Network and Sharing Center -> Set up a new connection or network


Connect to a work place -> Next

Use my Internet connection (VPN)


Select I'll set up my Internet connection later -> Next

Now provide the IP of the server NIC connected to the Internet, i.e. 192.168.1.10, and a name for the connection -> Next

Here enter the credentials of the user we created at the beginning of this practical, and the dialer is ready.

Step 8 : Dial the VPN connection & Access the network

To start the VPN connection, double click the dialer and provide the credentials of the user with dial-in access -> Connect

And you are connected.

To access the server, Start -> Run -> \\10.0.0.1 -> OK, and you can reach its shared resources and do your work. Note that 10.0.0.1 is the server's LAN address, which the client could not reach before the tunnel came up; that is the whole point of the exercise.
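Step 8 can also be done and checked from a PowerShell prompt on the client. The following is an added example written for this page, not code from the original post; it assumes the dialer from Step 7 was named `Office VPN` and the AD user from Step 3 is `salesrep`, and uses the addresses from the walkthrough. It verifies that the LAN address is unreachable before dialing and reachable after, so a successful `net view` really proves the tunnel works rather than a misconfigured lab network.

```powershell
# Added example, not part of the original post: Step 8 from the Windows 7 client
# as a script, with a reachability check before and after dialing. Connection
# name and user name are assumptions; the addresses are the walkthrough's.
$ErrorActionPreference = 'Stop'

$ConnectionName = 'Office VPN'    # assumed name typed into the Step 7 wizard
$VpnUser        = 'salesrep'      # assumed AD user given dial-in access in Step 3
$VpnServer      = '192.168.1.10'  # server NIC on the "Internet" side
$LanServer      = '10.0.0.1'      # server NIC on the LAN, only reachable via the tunnel

# rasdial takes the password as a plain argument, so prompt for it instead of
# hard-coding it; it would otherwise sit in the script and in shell history.
$cred     = Get-Credential $VpnUser
$password = $cred.GetNetworkCredential().Password

# Sanity checks from Step 6: the public side answers, the LAN side does not yet.
if (-not (Test-Connection $VpnServer -Count 2 -Quiet)) { throw "$VpnServer unreachable; fix the client IP settings first" }
if (Test-Connection $LanServer -Count 1 -Quiet) { throw "$LanServer already reachable without the tunnel; check your lab topology" }

# Dial. rasdial exits non-zero if authentication fails or dial-in is denied.
rasdial $ConnectionName $VpnUser $password | Out-Null
if ($LASTEXITCODE -ne 0) { throw "rasdial failed with exit code $LASTEXITCODE" }

try {
    # A bare 'rasdial' lists active connections; ours should be among them.
    rasdial | Select-String -SimpleMatch $ConnectionName
    if (-not (Test-Connection $LanServer -Count 2 -Quiet)) { throw "tunnel is up but $LanServer does not answer" }
    # Same thing the post does with Start -> Run -> \\10.0.0.1, without the GUI:
    net view "\\$LanServer"
}
finally {
    rasdial $ConnectionName /disconnect | Out-Null
}
```

Because the tunnel is torn down in the `finally` block, the script is safe to rerun while experimenting with the server-side settings. On Windows 8 or later the dialer itself can be created with `Add-VpnConnection -Name 'Office VPN' -ServerAddress 192.168.1.10`, and that cmdlet's `-TunnelType` parameter is the place to pin L2TP or SSTP instead of letting the client fall back to PPTP.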
